...

YADE Credential Store

See more More information about the Credential Store can be found in the following articles:

• YADE Credential Store

...

• Using Credential Store to securely store authentication, connection and other parameters

...

Setting up a Credential Store

Download

...

KeePass and create kdb file

• JADE YADE Credential Store (CS) supports KeePassX DB version 1.0x and 2.x
• You can download the Windows KeePass desktop utility from https://keepass.info/download.html
• You One can download the KeePassX desktop utility from https://www.keepassx.org/downloads/

Set-up Credential Store with Password

Step 1: Setup KeePassX DB

• Open the KeePassX utility
• Choose password as Master Key
• Assign password to KeePass DB and click OK

JADE YADE will use the Master Key, i.e. "the password " specified during the creation process as access password of the KeePassX DBdatabase.

Image Modified

Set-up Credential Store with PPK key

• Start KeePassX utility
• Click on Key File as Master Key
• Browse for pre-generated ssh SSH key as Master Key
• Click Ok ok and KeePassX will open and will be ready to add new entries.

Image Modified

Create Credential Store entries

Create Credential Store entry for FTP server

KeePassX DB can organize entries in logical groups, under groups and sub-groups.
One can organize Credential Store in groups, e.g. Internal-Server, External-Server etc. User is free to choose his own organization scheme.

• Create new top group i.e. sos
• Create new sub group i.e. server
• Create new entry wilma.sos for settings
  • Title            : Will be used as key in the hierarchy to access the credentials.
  • Username  : Field is used to specify the username, i.e. FTP/, SFTP user name
  • Password   : Password field Field is used to specify the password, user can use the  KeePassX's password generation feature to specify strong passwords or can provide already existing password.
  • Comment   : Can contain extra parameters for JADE YADE along with credentials, all/ any JADE YADE parameter can be specified in Comment the comment section.
  • Expires       : Expiry date is used to enforce Password/SSHkey a password and SSH key expiration policy, . The user can define its own expiry period i.ethe expirarion period, e.g. 90 days, or check option Never never. JADE YADE will raise an error if a KeePassX DB entry is not expired.
  • Attachment : Can have contain private key file used for file transfer

Image Modified

Create Credential Store entry for SFTP server

Image Modified

...

YADE profiles with Credential Store

Set-up global Credential Store profile

Define an a global profile having containing all the parameters concerning Credential Store. JADE YADE can reuse any profile defined in same jade_settings.ini file.
It 's is recommended to create global profile fragments and reuse them in profiles.
Alternatively a user can define multiple KeePassX DB files, e.g. Test, Integration, Production, and create corresponding profiles for the different environments.

Set-up global Credential Store profile with password

 ; Global Profile for KeePassX Database WithPassword
 [Keepass_DataBase_WithPassword]
 use_credential_Store                = true
 CredentialStore_FileName            = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
 CredentialStoreAuthenticationMethod = password
 CredentialStore_password            = ********* 

Set-up global Credential Store profile with public key

 ; Global Profile for KeePassX Database With Public Key
 [Keepass_DataBase_WithPublicKey]
 use_credential_Store                = true
 CredentialStore_FileName            = C:\sos-berlin.com\jade\credential-store\keepassX-test.kdb
 CredentialStoreAuthenticationMethod = privatekey
 CredentialStore_KeyFileName         = C:\sos-berlin.com\jade\config\jade_cs_rsa.ppk

Set-up

...

YADE profile for FTP

In this example we are referring/ including Credential store Store settings from a global KeePassX database profile Keepass_DataBase_WithPassword .
JADE YADE then will open the KeePassX DB and refer to the entry sos/server/wilma.sos, we have already defined this settings  that has previously been defined in the KeePassX DB:

source_CredentialStore_KeyPath: JADE YADE will refer to the entry from KeePassX DB.

...

 [ReceiveUsingKeePass]
 source_include                 = Keepass_DataBase_WithPassword
 source_CredentialStore_KeyPath = sos/server/wilma8of9.sos
 source_dir                     = /tmp/test/jade/out
 source_make_dirs               = true
 source_transfer_mode           = ascii
 target_protocol                = local
 target_dir                     = ${TEMP}/jade/in
 operation                      = copy
 file_spec                      = \.txt$
 transfer_mode                  = ascii

Set-up

...

YADE profile for SFTP

 [ReceiveUsingKeePassReceiveUsingKeePassSourceSFTP]
 source_CredentialStore_KeyPath = sos/server/8of9.sos
 source_include operation                      = Keepass_DataBase_WithPasswordcopy
 sourcefile_dirspec                      = /tmp/test/jade/out \.txt$
 ;;
 source_make_Dirsinclude                 = trueKeepass_DataBase_WithPassword
 source_transferCredentialStore_mode           = ascii
 target_protocol                = local
 target_KeyPath = sos/server/8of9.sftp.sos
 source_dir                     = ${TEMP}/tmp/test/jade/inout
 operationsource_protocol                = SFTP

 source_ssh_auth_method    = copy
 file_spec   = password
 ;;
 target_protocol                = \.txt$local
 transfer_modetarget_dir                     = ascii${TEMP}/jade/in

...

Example for Server-to-Server File Transfer

...

profile using Credential

...

Store

A profile definition for Server-to-Server transferFile Transfer, from a an FTP to a na SFTP server:

 [transfer_server_2_server]
 include                        = Keepass_DataBase_WithPassword
 file_spec                      = ^.*\.txt$
 operation                      = copy
 source_CredentialStore_KeyPath = sos/server/wilma.sos
 source_dir                     = /tmp/test/jade/out
 target_CredentialStore_KeyPath = sos/server/8of9.sos
 target_dir                     = ${TEMP}/jade/in 

In this example all files with the file name extension .txt should be transferred from the server wilma via FTP to the server 8of9 by SFTP.

To start this with from the command line client one must you would type:

 jade.sh -settings=name_of_settings_file -profile=transfer_server_2_server

Profile fragments SFTP with Public Key

...

To make the profile more reusable and more readable it is possible to reuse profiles snippets in the way like this:

Status
colour Red title TODO

Code Block

[ReceiveUsingKeePass] source_include = Keepass_DataBase_WithPassword source_source_CredentialStore_KeyPath = keepass_homer_sftp_key source_dir = /tmp/test/jade/out source_protocol = sftp source_CredentialStore_ExportAttachment = true source_CredentialStore_ExportAttachment2FileName = c:\temp\8of9-sos.ppk source_ssh_auth_method = publickey source_ssh_auth_file = c:\temp\8of9-sos.ppk source_make_Dirs = true source_transfer_mode = ascii target_protocol = local target_dir = ${TEMP}/jade/in operation = copy file_spec = \.txt$ transfer_mode = ascii

Profile fragments SFTP with Public Key

...

To make the profile more reusable and more readable it is possible to reuse profiles snippets in the way like this:

Status
colour Red title TODO

Code Block

See also

• Using _CredentialStore_Credential Store to _ securely _ store _ authentication, _ connection _ and _ other _ parameters]
• For infos information about the YADE parameters see the parameter documentation on jadeParameterReference.the YADE - Reference Documentation - Parameter Reference